50 matches found
PT-2026-24180
If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low-privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...
WordPress plugin Orderable security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-5808
Name of the Vulnerable Software and Affected Versions: BartVPN version 1.2.2 Description: BartVPN version 1.2.2 has an unquoted service path issue in the BartVPNService. This allows local attackers to potentially run arbitrary code with higher system rights. Attackers can take advantage of the...
EUVD-2020-30970
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would ...
CVE-2020-37017
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with...
PT-2025-54255
Name of the Vulnerable Software and Affected Versions: Tosibox Key Service version 3.3.0 Description: The software contains an unquoted service path issue. This allows local, non-privileged users to potentially execute code with elevated system privileges. Exploitation involves manipulating the...
CVE-2025-34396
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directory without sufficient integrity validation or secure search order. If the...
CVE-2025-34396
MailEnable
CVE-2025-54267
CVE-2025-54267 affects Adobe Commerce/Magento Open Source versions 2.4.9-alpha2 and earlier. The issue is an Incorrect Authorization vulnerability that lets a low-privileged attacker bypass security controls and gain elevated privileges, increasing integrity impact to high; exploitation requires ...
EUVD-2025-27561
Malicious code in bioql PyPI...
EUVD-2024-2572
Malicious code in bioql PyPI...
CVE-2024-43401
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned...
Dell Repository Manager security vulnerability
Dell Repository Manager is a data repository manager from Dell USA. A security vulnerability exists in Dell Repository Manager 3.4.2 and earlier versions, which stems from a local elevation of privilege vulnerability that allows a local, low-privilege attacker to execute arbitrary executable file...
GHSA-F963-4CQ8-2GW7 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Impact: A user without script/programming right can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit...
CVE-2024-43401 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned...
PT-2024-30560 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10RC1 Description: A user without script or programming rights can trick a user with elevated rights to edit content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Circumvention of security measure - Remote code execution Administrator/Root rights - Remote code...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP, Netweaver, SAP GUI and HANA. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS). Denial-of-Service (DoS). Circumvention of security measure. Remote...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP BASIS, Netweaver, HANA, Business Planning & Consolidation, SAP CRM and SAP Solution Manager. A malicious party could potentially exploit and cause damage in the following categories: Cross-Site Scripting (XSS) Bypassing authentication...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Cross-Site Scripting (XSS). Denial-of-Service (DoS). Bypassing authentication. Remote code execution. User Rights...